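Technical Information
The entries below list, in order: values under the per-user Run key (programs started automatically at logon), a command line for an executable in %TEMP%, file-system paths (shortcuts, icons and executables), DNS queries, network endpoints, and a window class name.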
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Antivirus Protection 2012 SM' = '%APPDATA%\Antivirus Protection 2012TM\securitymanager.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Antivirus Protection 2012TM' = '"%APPDATA%\Antivirus Protection 2012TM\AntivirusProtection2012.exe" /STARTUP'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'oqn9upuvumo0' = '<Full path to virus>'
- %TEMP%\_1.tmpac7d.exe -p"06:29 PM" -y -o"%APPDATA%\Antivirus Protection 2012TM"
- %HOMEPATH%\Start Menu\Programs\Antivirus Protection 2012TM\Antivirus Protection 2012TM.lnk
- %HOMEPATH%\Desktop\Antivirus Protection 2012TM.lnk
- %HOMEPATH%\Start Menu\Programs\Antivirus Protection 2012TM.lnk
- %HOMEPATH%\Start Menu\Programs\Antivirus Protection 2012TM\Activate Antivirus Protection 2012TM.lnk
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Antivirus Protection 2012TM.lnk
- %HOMEPATH%\Start Menu\Programs\Antivirus Protection 2012TM\Help Antivirus Protection 2012TM.lnk
- %HOMEPATH%\Start Menu\Programs\Antivirus Protection 2012TM\How to Activate Antivirus Protection 2012TM.lnk
- %APPDATA%\Antivirus Protection 2012TM\IcoHelp.ico
- %APPDATA%\Antivirus Protection 2012TM\IcoActivate.ico
- %TEMP%\_1.tmpac7d.exe
- %APPDATA%\Antivirus Protection 2012TM\IcoUninstall.ico
- %APPDATA%\Antivirus Protection 2012TM\securityhelper.exe
- %APPDATA%\Antivirus Protection 2012TM\securitymanager.exe
- %APPDATA%\Antivirus Protection 2012TM\AntivirusProtection2012.exe
- DNS ASK 13######48.incom-softpro.in
- DNS ASK 13######47.incom-softpro.in
- '<Private IP address>':1039
- '<Private IP address>':1038
- ClassName: 'Indicator' WindowName: ''